ICS has been considered and introduced in the 3rd Generation Partnership Project (3GPP), e.g. in release 8, technical specification (TS) 23.292.
ICS may provide communication services such that all services, and service control, are based e.g. on IMS mechanisms and enablers. ICS enables IMS services for users that are attached e.g. via the centralized service. When an ICS user accesses the IMS by using circuit switched (CS) access, i.e. via an ICS mobile switching center (IMSC) server (an MSC server supporting ICS), authentication and authorization may be performed in the IMSC server and therefore, e.g., a serving call session control function (S-CSCF) may skip IMS authentication for such an IMS registration.
The ICS user may be assigned a so-called special ICS IMS private user identity (IMPI) when accessing the IMS e.g. via the CS domain. The S-CSCF may use this special ICS IMPI as an indication that the user has already been authenticated and authorized by the IMSC server. However, the ICS IMPI is not protected against abuse. A malicious user may use such a special ICS IMPI to use the IMS service e.g. free of charge, as the authentication process is skipped.
In earlier IMS releases this was solved by the P-CSCF, which checks a received registration request from a user and passes it on towards the S-CSCF with an indication of whether the register request might come from a potential malicious user or not. The S-CSCF may then challenge the register request if the P-CSCF has indicated that the register request might come from a malicious user.
However, the situation is different in the ICS system, since the IMSC is now performing the registration and an additional authentication by the S-CSCF shall be avoided when the user has already been successfully authenticated and authorized by the IMSC.
In the standardization bodies (e.g. 3GPP), it was discussed to use the P-Access-Network-Info (PANI) header to indicate from IMSC to S-CSCF that authentication may be skipped. The PANI header may contain information about the access network and a “network-provided” parameter. The information about the access network may inform the S-CSCF that authentication has already been performed.
A possible drawback of the PANI header solution resides in that P-CSCFs of older releases may not support the “network-provided” mechanism. Thus, a possibility may exist that this mechanism may be abused by a malicious user. The malicious user may set the “network-provided” parameter and an unaware P-CSCF may not remove the parameter. As a consequence, the S-CSCF may skip authentication.
One way to solve this problem may be appropriate administration, i.e. the S-CSCF may decide whether or not to accept the “network-provided” indication based on a database. However, such a database requires additional administration which may, in roaming scenarios, become unmanageable.
Another approach resides in using a solution based on databases only, where all MSC servers supporting ICS (IMSCs) are stored. Furthermore, the S-CSCF may only skip the authentication process if the ICS user registers e.g. with IMS via such an IMSC server. However, this alternative may cause an unacceptable administrative effort and will also cause large problems for the synchronization of the databases.
A further possible drawback may reside in that, as an ICS user may also access its home IMS domain via a visited IMSC server in case of roaming, all IMSC servers in foreign CS roaming domains also have to be stored in the database. This means that whenever an IMSC server is added or removed, the databases in all domains with a roaming agreement have to be updated. This will cause unacceptable administrative efforts and will also cause large problems for the synchronization of the databases.
In consideration of the above, it is an object of examples of the present invention to overcome one or more of the above drawbacks. In particular, the present invention provides methods, apparatuses, a system and a related computer program product for identity protection.
According to an example of the present invention, in a first aspect, this object is for example achieved by a method comprising:
transmitting, after successful registration of a terminal at a network entity, a registration message comprising terminal identity information and integrity indication information indicating affirmative integrity of the terminal identity information.
According to further refinements of the example of the present invention as defined under the above first aspect,
the method further comprises generating the registration message by the network entity;
the registration message is one of an initial registration message, a re-registration message and a de-registration message;
the network entity is an internet protocol multimedia subsystem centralized service enhanced mobile switching center.
According to an example of the present invention, in a second aspect, this object is for example achieved by a method comprising:
processing, after reception of a registration message comprising terminal identity information and integrity indication information indicating integrity of the terminal identity information, the received registration message based on the terminal identity information and the integrity indication information such that,
i) if the integrity is indicated affirmative, an authentication procedure of the terminal is skipped, or,
ii) if the integrity is indicated negative, the received registration message is rejected without provisioning of key information related to registration of the terminal.
According to further refinements of the example of the present invention as defined under the above second aspect,
the method further comprises receiving the registration message;
the key information relates to a secure registration between the terminal and a network control entity;
the processing of item i) is performed if a successful registration of the terminal is recognized, and the processing of item ii) is performed if the received registration message is recognized as unprotected;
the integrity indication information indicating negative integrity is constituted by an integrity-protected flag being set to no.
According to further refinements of the example of the present invention as defined under the above first and second aspects,
the integrity indication information indicating affirmative integrity is constituted by an integrity-protected flag being set to yes;
the registration message is a session initiation protocol register message;
the terminal identity information is constituted by a special internet protocol multimedia subsystem centralized service internet protocol multimedia private identity.
According to an example of the present invention, in a third aspect, this object is for example achieved by an apparatus comprising:
means for transmitting, after successful registration of a terminal at the apparatus, a registration message comprising terminal identity information and integrity indication information indicating affirmative integrity of the terminal identity information.
According to further refinements of the example of the present invention as defined under the above third aspect,
the apparatus further comprises means for generating the registration message;
the registration message is one of an initial registration message, a re-registration message and a de-registration message;
the apparatus is constituted by an internet protocol multimedia subsystem centralized service enhanced mobile switching center.
According to an example of the present invention, in a fourth aspect, this object is for example achieved by an apparatus comprising:
means for processing, after reception of a registration message comprising terminal identity information and integrity indication information indicating integrity of the terminal identity information, the received registration message based on the terminal identity information and the integrity indication information such that,
i) if the integrity is indicated affirmative, an authentication procedure of the terminal is skipped, or,
ii) if the integrity is indicated negative, the received registration message is rejected without provisioning of key information related to registration of the terminal.
According to further refinements of the example of the present invention as defined under the above fourth aspect,
the key information relates to a secure registration between the terminal and a network control entity;
the apparatus further comprises means for receiving the registration message;
the means for receiving is configured to receive the registration message from one of the network control entity and the apparatus according to the third aspect;
the means for processing is configured to process according to item i) if a successful registration of the terminal is recognized, and is configured to process according to item ii) if the received registration message is recognized as unprotected;
the integrity indication information indicating negative integrity is constituted by an integrity-protected flag being set to no;
the apparatus is constituted by a serving call session control function.
According to further refinements of the example of the present invention as defined under the above third and fourth aspects,
the integrity indication information indicating affirmative integrity is constituted by an integrity-protected flag being set to yes;
the registration message is a session initiation protocol register message;
the terminal identity information is constituted by a special internet protocol multimedia subsystem centralized service internet protocol multimedia private identity;
the network control entity is constituted by a proxy call session control function;
at least one, or more, of the means for transmitting, means for generating, means for processing, means for receiving and the apparatus is implemented as a chipset or module.
According to an example of the present invention, in a fifth aspect, this object is for example achieved by an apparatus comprising:
a transmitter configured to transmit, after successful registration of a terminal at the apparatus, a registration message comprising terminal identity information and integrity indication information indicating affirmative integrity of the terminal identity information.
According to further refinements of the example of the present invention as defined under the above fifth aspect,
the apparatus further comprises a generator configured to generate the registration message;
the registration message is one of an initial registration message, a re-registration message and a de-registration message;
the apparatus is constituted by an internet protocol multimedia subsystem centralized service enhanced mobile switching center.
According to an example of the present invention, in a sixth aspect, this object is for example achieved by an apparatus comprising:
a processor configured to process, after reception of a registration message comprising terminal identity information and integrity indication information indicating integrity of the terminal identity information, the received registration message based on the terminal identity information and the integrity indication information such that,
i) if the integrity is indicated affirmative, an authentication procedure of the terminal is skipped, or,
ii) if the integrity is indicated negative, the received registration message is rejected without provisioning of key information related to registration of the terminal.
According to further refinements of the example of the present invention as defined under the above sixth aspect,
the key information relates to a secure registration between the terminal and a network control entity;
the apparatus further comprises a receiver configured to receive the registration message;
the receiver is configured to receive the registration message from one of the network control entity and the apparatus according to the fifth aspect;
the processor is configured to process according to item i) if a successful registration of the terminal is recognized, and is configured to process according to item ii) if the received registration message is recognized as unprotected;
the integrity indication information indicating negative integrity is constituted by an integrity-protected flag being set to no;
the apparatus is constituted by a serving call session control function.
According to further refinements of the example of the present invention as defined under the above fifth and sixth aspects,
the integrity indication information indicating affirmative integrity is constituted by an integrity-protected flag being set to yes;
the registration message is a session initiation protocol register message;
the terminal identity information is constituted by a special internet protocol multimedia subsystem centralized service internet protocol multimedia private identity;
the network control entity is constituted by a proxy call session control function;
at least one, or more, of the transmitter, the generator, the processor, the receiver and the apparatus is implemented as a chipset or module.
According to an example of the present invention, in a seventh aspect, this object is for example achieved by a system comprising:
a terminal;
an apparatus according to any one of the above third and fifth aspects; and
an apparatus according to any one of the above fourth and sixth aspects.
According to an example of the present invention, in an eighth aspect, this object is for example achieved by a computer program product comprising code means for performing method steps of a method according to any one of the above first and second aspects, when run on a processing means or module.
According to an example of the present invention, in a ninth aspect, this object is for example achieved by a computer program comprising code means for performing a method comprising:
transmitting, after successful registration of a terminal at a network entity, a registration message comprising terminal identity information and integrity indication information indicating affirmative integrity of the terminal identity information.
According to an example of the present invention, in a tenth aspect, this object is for example achieved by a computer program comprising code means for performing a method comprising:
processing, after reception of a registration message comprising terminal identity information and integrity indication information indicating integrity of the terminal identity information, the received registration message based on the terminal identity information and the integrity indication information such that,
i) if the integrity is indicated affirmative, an authentication procedure of the terminal is skipped, or,
ii) if the integrity is indicated negative, the received registration message is rejected without provisioning of key information related to registration of the terminal.
In this connection, it has to be pointed out that examples of the present invention enable one or more of the following:
enabling the S-CSCF to verify whether the sender of a registration request is an IMSC or not, by ensuring, by means of the concept, that only an IMSC can send such an integrity protected request and that, via a P-CSCF, only unprotected REGISTER requests for ICS users can reach an S-CSCF;
based on the item above, the S-CSCF can skip authorization and authentication if the register request is received from an IMSC;
providing a solution for the problem discussed in the standardization bodies (e.g. 3GPP);
alleviating administrative efforts and avoiding problems related to synchronization of the databases;
enabling the IMSC server to generate a register request which in addition includes e.g. the special ICS IMPI.
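The following Python model is an added example, not code from the patent text or from any 3GPP network element. It ties together the P-CSCF hardening the page says older-release P-CSCFs lack (stripping a UE-asserted “network-provided” PANI parameter and overwriting the integrity indication) with the S-CSCF decision of the second, fourth, sixth and tenth aspects, so that a REGISTER carrying the special ICS IMPI is either accepted without authentication (from an IMSC) or rejected without handing out key information (when it arrives unprotected via a P-CSCF). Assumptions not stated on the page: the integrity indication is carried as the `integrity-protected` parameter of the SIP Authorization header, the special ICS IMPI is recognised by a constructed domain suffix, and whether a request reached the P-CSCF over an established security association is passed in as a boolean; every SIP message below is a constructed sample.

```python
"""Toy model of the ICS REGISTER handling described on this page.

Added example; not code from the patent or from any 3GPP node. Assumed, not
taken from the page: the integrity indication travels as the
`integrity-protected` parameter of the SIP Authorization header, the special
ICS IMPI is recognised by a configured domain suffix, and the P-CSCF is told
by a boolean whether the request arrived over a security association.
"""
import re

ICS_IMPI_SUFFIX = "@ics.example.net"  # constructed marker for the special ICS IMPI

SKIP_AUTH = "skip-authentication"    # item i): affirmative integrity
REJECT = "reject-without-key-info"   # item ii): negative integrity
CHALLENGE = "challenge-unprotected"  # earlier-release handling of ordinary IMPIs
CONTINUE = "continue-registration"

AUTH_PARAM_RE = re.compile(r'([\w-]+)\s*=\s*"?([^",]*)"?')


def parse_sip(msg: str):
    """Split a SIP request into (request line, {lower-cased header name: value})."""
    lines = msg.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def build_sip(request_line: str, headers: dict) -> str:
    body = "\r\n".join(f"{name.title()}: {value}" for name, value in headers.items())
    return f"{request_line}\r\n{body}\r\n\r\n"


def auth_params(value: str) -> dict:
    """Parse 'Digest username="x", integrity-protected="yes"' into a dict."""
    _scheme, _, params = value.partition(" ")
    return dict(AUTH_PARAM_RE.findall(params))


def auth_format(params: dict) -> str:
    return "Digest " + ", ".join(f'{k}="{v}"' for k, v in params.items())


def imsc_register(impi: str, impu: str) -> str:
    """IMSC side (first aspect): after authenticating the CS user itself, the
    IMSC generates a REGISTER with the special ICS IMPI and integrity=yes."""
    headers = {
        "from": f"<{impu}>",
        "to": f"<{impu}>",
        "authorization": auth_format({"username": impi, "integrity-protected": "yes"}),
    }
    return build_sip("REGISTER sip:ics.example.net SIP/2.0", headers)


def pcscf_forward(msg: str, over_security_association: bool) -> str:
    """P-CSCF side: nothing the UE asserts about its own trust level is kept.
    integrity-protected is overwritten from what the P-CSCF itself knows, and
    the network-provided PANI parameter is stripped (the check the page says
    older-release P-CSCFs lack)."""
    request_line, headers = parse_sip(msg)
    params = auth_params(headers.get("authorization", "Digest"))
    params["integrity-protected"] = "yes" if over_security_association else "no"
    headers["authorization"] = auth_format(params)
    if "p-access-network-info" in headers:
        parts = [p.strip() for p in headers["p-access-network-info"].split(";")]
        headers["p-access-network-info"] = "; ".join(
            p for p in parts if p.lower() != "network-provided")
    return build_sip(request_line, headers)


def scscf_decide(msg: str) -> str:
    """S-CSCF side (second aspect): decide from IMPI plus integrity indication."""
    _, headers = parse_sip(msg)
    params = auth_params(headers.get("authorization", "Digest"))
    impi = params.get("username", "")
    protected = params.get("integrity-protected", "no").lower() == "yes"
    if impi.endswith(ICS_IMPI_SUFFIX):
        # Only an IMSC can send the special ICS IMPI as integrity protected; via
        # a P-CSCF it always arrives unprotected, so reject without key info.
        return SKIP_AUTH if protected else REJECT
    return CONTINUE if protected else CHALLENGE  # ordinary IMPI, earlier-release behaviour


# Constructed sample: a UE-originated REGISTER using the special ICS IMPI and
# pre-setting both markings that only network nodes may assert.
UE_ICS_REGISTER = (
    "REGISTER sip:ics.example.net SIP/2.0\r\n"
    "From: <sip:alice@ics.example.net>\r\n"
    "To: <sip:alice@ics.example.net>\r\n"
    "P-Access-Network-Info: 3GPP-UTRAN-TDD; utran-cell-id-3gpp=000000000000000; network-provided\r\n"
    'Authorization: Digest username="alice@ics.example.net", realm="ics.example.net", '
    'integrity-protected="yes"\r\n'
)


def demo() -> dict:
    """Outcomes for the three paths the page contrasts."""
    return {
        "imsc_registration": scscf_decide(
            imsc_register("alice@ics.example.net", "sip:alice@ics.example.net")),
        "ue_via_normalising_pcscf": scscf_decide(
            pcscf_forward(UE_ICS_REGISTER, over_security_association=False)),
        "ue_via_unaware_pcscf": scscf_decide(UE_ICS_REGISTER),
    }


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(f"{path}: {outcome}")
```

The third entry of `demo()` reproduces the drawback the page attributes to an unaware P-CSCF: the same S-CSCF logic skips authentication when the UE's own markings are forwarded untouched, which is why the decision only holds if every P-CSCF in the path overwrites the integrity indication rather than relaying it.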